Static task
static1
Behavioral task
behavioral1
Sample
370ba9c1dfbfd2d6eed56e2aa9474854_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
370ba9c1dfbfd2d6eed56e2aa9474854_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
370ba9c1dfbfd2d6eed56e2aa9474854_JaffaCakes118
Size
50KB
MD5
370ba9c1dfbfd2d6eed56e2aa9474854
SHA1
3ece05949e1922fd62cfb3f2d989f6fbaadbe286
SHA256
426cc05b1ca114b858ced0bd6cb574eb6abe0c1048292612feba8991869afa82
SHA512
166ed1e199bf9d81fcf99aa88ffa020bcb8609f9bccf467024927ed4a36eca7ea27f4149cd06186634de99cb9d99012cfa363d01e66181aa7575b49569193c45
SSDEEP
768:elzRi6rPPfelgcPNzNt7zLKQV8yI4iEyPFq9PCAoFTUXi9D3lIVf:CzRtXPcPZ732QV+RNq9KBoiD2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 370ba9c1dfbfd2d6eed56e2aa9474854_JaffaCakes118
Files
370ba9c1dfbfd2d6eed56e2aa9474854_JaffaCakes118.exe windows:1 windows x86 arch:x86
71ec15884b11d3000d94dbffa2734094
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RtlUnwind
user32
MessageBoxA
crtdll
_iob
_itoa
__GetMainArgs
_strnicmp
abort
exit
fclose
fgetc
fopen
fputc
fwrite
getchar
localeconv
memcpy
memmove
memset
pow
raise
signal
strcat
strchr
strncmp
strtol
wcslen
wctomb
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 608B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88B - Virtual size: 88B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 872B - Virtual size: 872B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE